
svg_optimizer rubygem external XML entity (XXE) vulnerability

Moderate severity GitHub Reviewed Published Oct 20, 2023 to the GitHub Advisory Database • Updated Oct 20, 2023

Package

bundler svg_optimizer (RubyGems)

Affected versions

= 0.2.6

Patched versions

0.3.0

Description

An issue in Fnando svg_optimizer v.0.2.6 allows a remote attacker to escalate privileges when optimizing untrusted SVG content.

References

Published to the GitHub Advisory Database Oct 20, 2023
Reviewed Oct 20, 2023
Last updated Oct 20, 2023

Severity

Moderate

Weaknesses

CVE ID

CVE-2023-46035

GHSA ID

GHSA-6hvg-62q8-95v7

Source code
